On Mon, Jan 11, 2016 at 9:32 PM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> > No MD5 function should remain in the relevant codebase; > > In particular the IETF does not get to tell anyone which functions > they get to include in their codebase. So no IETF document saying > such a thing makes much difference. Not being the person who called "diediedie", but being in total agreement with the OP, "diediedie" should represent a "burn notice" from the IETF to all implementers: DO NOT DO THIS!!! Clearly many TLS stacks still implement MD5, and there are no TLS police to arrest the people who are ignoring the IETF RFCs and still shipping diediedie-filled crypto, but if we want any modicum of security want any sort of security guarantees from TLS, all stacks *MUST* abandon MD5 in its entirety. -- Tony Arcieri
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
